With computerization and developments in Internet technology, the number of accesses to financial data, medical data, and personal data is increasing, and data belonging to secret is being used as means for boosting illegal transactions that are updated or changed. To maintain confidentiality of this data, passwords are widely in use. However, passwords are usually based on birth dates or phone numbers that are not protected because they are relatively easily predicted or estimated.
Even complicate and randomly-generated passwords are relatively easy to be illegally used. Accordingly, data access systems based on passwords easily become a target for crime, and thus dangers and losses may be caused to the industry and business and even personal life. Therefore, an improved method for protecting data from unauthorized accesses is necessary. Examples of biometric data may include minute details (feature points of a fingerprint, etc.) difficult to be captured but easy to be analyzed, and an overall pattern (a spatial feature of adjacent fingerprint whorls, etc.) easy to be captured but difficult to be analyzed.
An encryption algorithm requires a digital key that can only be used by authorized users. If there are no appropriate keys, resources should be processed for a long time, and predetermined features of non-encrypted data should be ascertained (should be at least predicted), in order to decode encrypted data in a usable format.
A personal identification system has been disclosed, using an identification (ID) card including an integrated memory for registering encrypted biometric data acquired from a card owner. The biometric data is voiceprints, fingerprints, physical appearances, and/or biological assays. When a card is used, the personal identification system reads and decrypts data from the card and compares a result of the decryption with data acquired from the owner of the card. According to this system, registered persons are positively identified, and the accuracy of the identification is very high. However, since the biometric data is acquired and processed by external equipment, it is not easy to protect information stored in the card from falsification and/or identity theft.
In order to substantially protect biometric data stored in a card from unauthorized changes to the stored data by providing a hardware firewall of encrypting and separating the biometric data, an improved ID card equipped with a data-driven multi-processor chip has been proposed. However, since a substantial matching process is performed by an external read terminal for capturing biometric data, the biometric data is highly likely to be affected by external illegal manipulations.